I just set up an encrypted LUKS device using the information on
http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDeviceUsingLUKS
There was a suggestion there, which prompted me to check the performance:
If you wish, use /sbin/hdparm to benchmark. However my benchmarks on
an AMD Athlon 3200 indicate no great difference between an encrypted
and a normal unencrypted partition.
First, I set read-ahead to the same value on both devices (original LVM
device, and the crypted one):
# blockdev --setra 16384 /dev/mapper/crypttest
# blockdev --setra 16384 /dev/mapper/san1-test
Next, hdparm test:
# hdparm -t mapper/crypttest mapper/san1-test
mapper/crypttest:
Timing buffered disk reads: 116 MB in 3.01 seconds = 38.54 MB/sec
HDIO_DRIVE_CMD(null) (wait for flush complete) failed: Inappropriate
ioctl for device
/dev/san1/file1-swap:
Timing buffered disk reads: 304 MB in 3.12 seconds = 97.46 MB/sec
HDIO_DRIVE_CMD(null) (wait for flush complete) failed: Inappropriate
ioctl for device
So, this quick test suggests that with a crypted device, I get about 40%
performance of the original LVM volume?
My setup is hardware RAID-10, and a dual core 3 GHz Xeon.
Is it normal? I would say yes, as both cores use 100% CPU when I do
intensive reads from an encrypted volume.
However, this seems to contradict with "However my benchmarks on an AMD
Athlon 3200 indicate no great difference between an encrypted and a
normal unencrypted partition".
I used aes-cbc-essiv:sha256 cipher.
Perhaps, I should use something lighter?
--
Tomasz Chmielewski
http://wpkg.org
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
